Описание
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 1.1.1-3ubuntu0.2 |
| devel | released | 1.2.2-1ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [0.99.22.4-3ubuntu1.5]] |
| esm-infra/xenial | released | 0.99.24.1-2ubuntu1.4 |
| precise/esm | DNE | |
| trusty | released | 0.99.22.4-3ubuntu1.5 |
| trusty/esm | DNE | trusty was released [0.99.22.4-3ubuntu1.5] |
| upstream | released | 1.2.3 |
| xenial | released | 0.99.24.1-2ubuntu1.4 |
Показывать по
5 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its p ...
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
5 Medium
CVSS2
6.5 Medium
CVSS3